Scott Mayo wrote:
Keith Warno wrote:
* <[EMAIL PROTECTED]> [29/07/2005 1119EDT]:
I am working on my permissions and something does not quite make
sense to me. Here is what I have set.
/DIR (Unix permissions are 3777)
Then in samba I have the following
[dir]
path = /DIR
read only = no
valid users @teach @student
create mask 3660
directory mask 3770
Then from a windows workstation, I create a new directory inside
'dir', and call it 'teach'.
The permissions of 'teach' are 2770. It looks like it should be 3770
to me since the 'directory mask' commands does a bitwise 'AND'.
Anyone know why this is? Maybe it is because of the DOS attributes
or something.
You're right about the bitwise AND.
But default mode for a new directory is 0777. Observe:
[EMAIL PROTECTED]:~$ cd tmp
[EMAIL PROTECTED]:~/tmp$ umask 0
[EMAIL PROTECTED]:~/tmp$ umask
0000
[EMAIL PROTECTED]:~/tmp$ file foodir
foodir: cannot open (foodir)
[EMAIL PROTECTED]:~/tmp$ mkdir foodir
[EMAIL PROTECTED]:~/tmp$ ls -ld foodir
drwxrwxrwx 2 kw users 4096 Jul 29 11:59 foodir
However, your new directory *inherited* the setgid bit (effectively a
bitwise OR); this is simply the behavior of setgid bits on directories.
From the man page for the stat() system call (section 2):
The set GID bit (S_ISGID) has several special uses: For a
directory it indicates that BSD semantics is to be used for
that directory: files created there inherit their group ID from
the directory, not from the effective gid of the creating
process, and directories created there will also get the S_ISGID
bit set. For a file that does not have the group execution
bit (S_IXGRP) set, it indicates mandatory file/record locking.
So, for your case:
(3770 & 0777) | 2000 = 2770
It is doing exactly what it should be doing. :)
Keith
Ok, I guess that makes sense after you explained it. I got it to work
by using both the 'directory mask' and the 'force directory mode'. That
works but I have no idea why. I also just tried to use the 'force
directory mode' which is a bitwise 'OR' to see what I would get and here
are the permissions that I end up with in both cases. I cannot figure
out where they are coming from.
With both 'directory mask = 3770' and 'force directory mode = 3770' I get:
drwxrws--T DIR (which would be 3770)
If I just use 'force directory mode = 3770', then I get the following
permissions:
drwxrwsr-t DIR (which would be 3775)
Thanks for any help. I am glad that it works in with using both
directives, but I just want to understand why. I have been doing a lot
of reading, and just when I think that I understand how it should
work...it throws me a curve. :)
Actually the first one does make sense I guess, but not the 2nd. Here
is how I understand it.
[(3777 & 0770) | 3770] | 2000 = 3770
I have no ide where the rx permissions come from in the last example
though.
--
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549
Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba